Installing and configuring Sonatype Nexus using infrastructure as code
Sonatype Nexus is an integrated platform through which developers can proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their software.
Why do you need Sonatype Nexus?
To store private artifacts;
To cache artifacts that are downloaded from the Internet;
Artifact formats supported in the base Sonatype Nexus package:
Run the Nexus installation: ansible-playbook -i host nexus.yml
Example Ansible playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.
If you change to a newer version, the role will try to upgrade your Nexus installation.
If you use a Nexus version older than the latest one, make sure you are not using features that are unavailable in the installed release (for example, hosted yum repositories are available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.)
nexus_timezone is a Java timezone name, which can be useful in combination with the cron expressions for nexus_scheduled_tasks below.
nexus_installation_dir contains the installed executables.
nexus_data_dir contains all configuration, repositories and uploaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to overcome potential problems with automatic cleanup procedures. See #168.
Configuring Nexus JVM memory usage
These are the default settings for Nexus. Please do not change these values if you have not read the memory section of the Nexus system requirements and do not understand what they do.
As a second warning, here is an excerpt from the document mentioned above:
It is not recommended to increase the JVM heap memory above the recommended values in an attempt to improve performance. This can have the opposite effect, resulting in unnecessary work for the operating system.
Administrator password
nexus_admin_password: 'changeme'
The password of the "admin" account to set up. This only works on the first default installation. Please see [Change admin password after first install](#change-admin-password-after-first-install) if you want to change it later using the role.
It is strongly recommended that you do not store your password in clear text in the playbook, but use [ansible-vault encryption](https://docs.ansible.com/ansible/latest/user_guide/vault.html) instead (either inline or in a separate file loaded with, for example, include_vars).
Anonymous access by default
nexus_anonymous_access: false
Anonymous access is disabled by default. Read more about anonymous access.
These variables control how the role connects to the Nexus API for provisioning. For advanced users only. You probably do not want to change these default settings.
Setting up an SSL reverse proxy.
To do this you need to install httpd. Note: when httpd_setup_enable is set to true, nexus binds to 127.0.0.1:8081 and is therefore not directly reachable on HTTP port 8081 from an external IP address.
The default hostname used is nexus_public_hostname. If you need different names for some reason, you can set httpd_server_name to a different value.
With httpd_copy_ssl_files: true (the default), the certificates above must exist in your playbook directory; they will be copied to the server and configured in apache.
If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:
# These tell the vhost where to find the certificate files on the
# remote server's file system.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"
httpd_ssl_cert_chain_file_location is optional and should be left unset if you do not want to configure a chain file.
nexus_privileges:
  - name: all-repos-read # used as key to update a privilege
    # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
    description: 'Read & Browse access to all repos'
    repository: '*'
    actions: # can be add, browse, create, delete, edit, read or * (all)
      - read
      - browse
    # pattern: pattern
    # domain: domain
    # script_name: name
List of privileges to set up. See the documentation and the GUI to check which variables need to be set depending on the privilege type.
These items are combined with the following default values:
nexus_roles:
  - id: Developpers # can map to a LDAP group id, also used as a key to update a role
    name: developers
    description: All developers
    privileges:
      - nx-search-read
      - all-repos-read
    roles: [] # references to other role names
nexus_local_users: []
  # - username: jenkins # used as key to update
  #   state: present # default value if omitted, use 'absent' to remove user
  #   first_name: Jenkins
  #   last_name: CI
  #   email: [email protected]
  #   password: "s3cr3t"
  #   roles:
  #     - developers # role ID
List of local (non-LDAP) users/accounts to create in Nexus.
LDAP users/roles mapping. The state absent removes the roles from an existing user if they have any.
LDAP users are not deleted. Attempting to set a role for a non-existent user will result in an error.
Content selectors
nexus_content_selectors:
  - name: docker-login
    description: Selector for docker login privilege
    search_expression: format=="docker" and path=~"/v2/"
For more information about content selectors, see the documentation.
To use a content selector, add a new privilege with type: repository-content-selector and the matching contentSelector.
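Added example (not part of the original article or of the role): a Python check over the variables described so far that flags the page's default admin passwords, enabled anonymous access, a missing reverse proxy, and privileges or roles that reference an undefined content selector or privilege. It takes the already-parsed vars as a dict; the sample data, the `nx-` built-in prefix rule and the treatment of an unset `httpd_setup_enable` are assumptions.

```python
# Added example: static checks over the role variables discussed on this page.
DEFAULT_PASSWORDS = {"changeme", "admin123"}  # the two defaults shown on this page


def audit_nexus_vars(v):
    """Return (check_id, detail) findings for a dict of role variables."""
    findings = []
    if v.get("nexus_admin_password", "changeme") in DEFAULT_PASSWORDS:
        findings.append(("default-admin-password", "nexus_admin_password"))
    if v.get("nexus_anonymous_access", False):
        findings.append(("anonymous-access", "nexus_anonymous_access"))
    # Assumption: unset httpd_setup_enable means no proxy in front of port 8081.
    if not v.get("httpd_setup_enable", False):
        findings.append(("no-tls-proxy", "httpd_setup_enable"))
    selectors = {s["name"] for s in v.get("nexus_content_selectors", [])}
    privileges = v.get("nexus_privileges", [])
    for p in privileges:
        if (p.get("type") == "repository-content-selector"
                and p.get("contentSelector") not in selectors):
            findings.append(("unknown-content-selector", p["name"]))
        if p.get("repository") == "*" and "*" in p.get("actions", []):
            findings.append(("wildcard-privilege", p["name"]))
    defined = {p["name"] for p in privileges}
    for role in v.get("nexus_roles", []):
        for name in role.get("privileges", []):
            # Assumption: names starting with "nx-" are Nexus built-ins.
            if name not in defined and not name.startswith("nx-"):
                findings.append(("undefined-privilege", f"{role['id']}:{name}"))
    return findings


# Constructed sample modelled on the snippets above; 'docker-login-priv' and
# 'docker-push' are hypothetical names, and 'docker-logn' is a deliberate typo.
SAMPLE = {
    "nexus_admin_password": "changeme",
    "nexus_anonymous_access": False,
    "nexus_content_selectors": [{"name": "docker-login"}],
    "nexus_privileges": [
        {"name": "all-repos-read", "repository": "*", "actions": ["read", "browse"]},
        {"name": "docker-login-priv", "type": "repository-content-selector",
         "contentSelector": "docker-logn", "repository": "*", "actions": ["read"]},
    ],
    "nexus_roles": [{"id": "Developpers",
                     "privileges": ["nx-search-read", "all-repos-read", "docker-push"]}],
}

if __name__ == "__main__":
    for check, detail in audit_nexus_vars(SAMPLE):
        print(f"{check}: {detail}")
```

Running such a check before the playbook catches a mistyped selector or privilege name at review time rather than as a provisioning error against the live instance.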
Deletes the default repositories from the initial default Nexus installation. This step is only executed on a first-time install (when nexus_data_dir is detected as empty).
nexus_delete_default_blobstore: false
Deletes the default blobstore (binary artifact store) from the initial default Nexus installation; this is disabled by default. It can only be done if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on a first-time install (when nexus_data_dir is detected as empty).
Blobstores to create. A blobstore's path and a repository's blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).
Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Note that storing on S3 is only recommended for instances deployed on AWS.
All three repository types are combined with the following default values:
_nexus_repos_maven_defaults:
  blob_store: default # Note : cannot be updated once the repo has been created
  strict_content_validation: true
  version_policy: release # release, snapshot or mixed
  layout_policy: strict # strict or permissive
  write_policy: allow_once # one of "allow", "allow_once" or "deny"
  maximum_component_age: -1 # Nexus gui default. For proxies only
  maximum_metadata_age: 1440 # Nexus gui default. For proxies only
  negative_cache_enabled: true # Nexus gui default. For proxies only
  negative_cache_ttl: 1440 # Nexus gui default. For proxies only
The Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default.
See defaults/main.yml for these options:
Backup will not be configured until you set nexus_backup_configure to true.
In that case, a scheduled script task will be configured to run on Nexus at the interval specified in nexus_backup_cron (default 21:00 every day).
See [the groovy template for this task](templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks that you declare in your playbook.
If you want to rotate/delete backups, set nexus_backup_rotate: true and set the number of backups you want to keep with nexus_backup_keep_rotations (default 4).
When using rotation, if you want to save extra disk space during the backup process, you can set nexus_backup_rotate_first: true. This configures a pre-rotation/deletion before the backup. By default, rotation happens after the backup has been created. Please note that in this case old backups will be deleted before the current backup is made.
Restore procedure
Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss> (for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).
Removing nexus
Warning: This will completely delete your current data. Make sure to take a backup beforehand if necessary.
Use the variable nexus_purge if you need to restart from scratch and reinstall a nexus instance with all data removed.
Change the admin password after first install
nexus_default_admin_password: 'admin123'
This should not be changed in your playbook. This variable is populated with the default Nexus admin password on first install and ensures that the admin password can be changed to nexus_admin_password.
If you want to change the admin password after the first install, you can temporarily change it to the old password from the command line. After changing nexus_admin_password in your playbook you can run: